Collaborate with us. We do it across the private sector now, on a constant basis. There is a way for this entire audience to participate and help secure the election. In the end, the last measure of resilience in this election, is a prepared and patient participating voter. And thats on all of us. I want to thank all of you, for joining. Its been tremendous privilege of mine to have this discussion with you guys and the information that youve share. I think its valuable. Not only to the industry, but also the citizens of the united states. I appreciate all the work that you guys are doing and making sure our elections are secure, and are audible and people can have confidence in the process. Thank you. Thank you john. Thank you john. My great pleasure to introduce to you brad and chris, who will engage in our next shot. He is the executive Vice President for cybersecurity in hamilton. Chris known to all is the director for department of homeland security, cisa. Were also honored to give him last year cybersecurity leadership award. With us said, we are about 55 exactly 55 days away from the u. S. Election. Its my great pleasure and honor to introduce to you, brad mcgarry for the support and fireside chat. Brad. Hey thanks tom i really appreciate the invite to be here today, great pleasure to be here with chris. You mentioned how close we are to the election, were thankful that weve agreed to join us today to talk about some important topics. I think we should just dive in. Yeah i have to admit my heart is racing a bit right now. You said 55 days, i thought i had more time than that all right well lets dive in, aside from the election theres this other thing we have going. On covid19, certainly we saw the federal government moved from, being in the office to telling commuting in a matter of days. And, what your perspective around this new normal with both the federal government with both the federal government, but some of the critical sectors youre supporting . Just off the top, it is been hugely transformational. Every aspect and how we engage this change to one extent what extent other when it talk a bit about a elections but oneway elections have shifted and we were engaging advising our getting cybersecurity support to our federal partners as change dramatically. Given the height in the importance of certain agencies that are so critical to ensuring that we have the right Management Structure in place, or developing a vaccine at the same time we got these multitude of threats coming at us looking for research and information. Weve got to make sure that, at the top, they are providing the appropriate security support to those critical agencies. At the same time, and we got all these other federal agencies theyre shifting to a remote work environment, or have shifted to remote work environment, theyre expanding their tax surfaced if we dont take your foot off the gas for the progress we made what the programs. We should be doubling down on those investments right now. We should be accelerating the deployment of security tools like in point detection response. Its that much more critical that we get our arms around our security problems, enclosed amount as rapidly as possible. You mentioned the threats and the risks. I do see certain agencies are being targeted which of researched or have researched, have you seeing any changes as far as the attack landscape, the risks that are being put forward . Typically from the threats we are seeing what we are seeing three major primary lines of attack. Versus the nation state attacks, and the Intelligence Services as well as the military operations. Intelligence services are doing what they always do spies are being spies willing to collect information on whats really going on in the country, whats the status of the vaccine development. Lets Economic Health of the country where the policies that are shifting. They look at this shift in the relationship with china. Chinese Intelligence Services have been very active as has the russians. And their cybercriminal activity. Thats more traditionally going to be focused on fraud and criminal type activities from citizens. Its been a really fascinating thing to watch. Just about every single lawyer with phishing scam says been linked to covid. Some kind of covid theme weathers the early days sign appear to get tested, now its time to see things type here for a vaccine early trial vaccines. They really are praying on the fact that people are concerned about covid. Sorry about you but on my phone i get a weekly activity update. I know my numbers keep going up. Everyones more connected than ever right now. And the third threat that we are seeing, on last on the technical cyber side its disinformation. Whether its the russians, the chinese are the iranians or some other unattributed group. We continue see information push out there through social media, and increase in estimates thats being circulated like martial law takeover. My favorite right now over the summer is 5g help push out coronavirus. Which is complete garbage. It circulates, it goes by estimates and takes root in the real world and the uk, we saw 5g towers getting torched by vandals. Thats a problematic thing on a couple different levels. As soon as these narratives in a conspiracy theories become physical manifestations of violence to have a much larger problem on our hands. As we look at the Risk Landscape on the other side, risk speaker culmination vulnerability, consequences with the sprinkle likelihood on top. Weve been working really closely with our Intelligence Community, as they bring what we are seeing out there and we could say this is what that kind of attack again purchased due to the vulnerable systems out there. Here are the potential consequences. We are able to target our messaging, to our stakeholder groups. Very example a couple weeks ago, we released an alert on operational technologies, just because of the way that people are having to go home and manage things remotely. Were seeing remote maintenance of Operational Technology and control systems. That opens the door for bad activity to come into a network, an operational environment and disrupt functionality. Whos for us is the real next frontier of Risk Management its just disrupting functionality rather than compromising the privacy and security of your data. Weve been tracking d. O. T. Threat for a while, that seems to be really on the uptick. The other thing its been interesting, the recent ransomware attacks. Actually targeted ransomware with more than the two bit coin ransom right. It was rather significant. Wasted locker we saw a surgeon wasted locker tax. Attributed back to the evil court crew, which is a sanctioning 80, which makes it more complicated when youre thinking about paying off a ransom. You cant do that under the sanctions of the law, if you go to the Treasury Department and ask for a license or exemption. Theres big game hunting out there is a very patient actors. We have seen them in some cases sit on a network with persistence and maintain that persistence for quite some time. Watching how the system is maintained. In some cases hopping into the back channel, and go in what you thought was an off line back up, well know it has to touch the network at some point. Very capable adversaries. Thats one of those things maybe not the wasted locker team, by remain very concerned about the threat of ransomware particular with the elections in the next 55 and beyond days of the election, he somewhere remains a potential threat to those networks. Your team is really been focused around operationalize in your strategy, i look at a lot of the threat intel the advisories theyre very relevant and taylor. Can you talk to us about how your department actually acts on intel . Thats the clarify little bit. The National Security agency as their cybersecurity deck jury, we have a cybersecurity division. These two cste organizations theyre actually really symbiotic. Lets go back that Risk Management conversation. What is it that makes up risk . The nsa savvy division really wheels good with the threat piece and the vulnerability piece. We also get the vulnerability piece but were exceptional at the consequence piece. When you blend those capabilities together, we could work with our partners in the Intelligence Community and work on hey, this is what youre seeing over there. This is where this could come home and effectively come home to roost in the united states. We could do that targeted context rich engagement with our partners. I spent a lot speaking with people with the nsa in the sea has the to develop this relationship to understand what our respective strengths are, how can we could bring this together to strengthen the nations cybersecurity infrastructure. You mentioned 5g. He recently released a 5g strategy. And you seem to be paving the way for industry in terms of how to think about this technology, how to look at securing it and how to look at it in the broader ecosystem. What are some near term things youre seeing in the 5g front . The way we operate here, its essentially over two different time horizons. Defend today, secured tomorrow. What that means as we work with our partners to understand what the Risk Landscape is today, were gonna be blocking and tackling on active threats today, closing out vulnerabilities managing consequences harmful messaging. What i find the same battles today they were fighting tomorrow. The next security is secured by design secure by deployment. Not naive thinking that there will be new risks. There will be. Is always a vulnerability somewhere. Its always about close in my only get to them. The 5g piece for us, our 5g engagement strategy is just about that secure piece. Its understanding the Risk Landscape. Its managing risk, making it into the process. We also have an exceptional ability across the federal government have convening partners are stakeholders. With unique authorities that we could bring in drastic groups of industry and government partners, than that across a range of subject matters. Risk management of our task force that we settled two years ago. 5g is just another manifestation of that. Of really that exquisite Risk Management capability with that unique ability to bring partners together. We are looking at what are the threats posed, how could we run some testing against component tree thats coming down the pike, how do we bring our partners together so we have a rich environment of information sharing on what we know, but we dont know and how we confuse those two together. What really gets our top line objective here, to help foster a vibrant International Ecosystem of trusted 5g component tree. Its that simple. They are too many options right now that dont fit that mold. How do we create, how do we foster that environment for more trusted component tree in the 5g ecosystem . In the 5g world whats interesting is because the 5g infrastructure, i think also would ultimately enables him to be more processing thats gonna continue to integrate the digital physical world and introduce a lot more real risk across. I think more probably so than any other space, its where the integrity and availability aspect that becomes that much more critical including availability. It is the network performing as you need it or expected to perform in any given time, particularly if youre talking about more autonomy dysfunctionality out there. Both have to elections. Im sure this one your favorite topics whats your perspective what are some of the challenges youre facing now . Well i gotta admit when i came in the government is 0. 3 and a half years ago, i thousand it be like pure cyber stuff. As it really come around elections its been one of those core areas of focus for me and for the agency. Not just us is the entire federal government working with the Law Enforcement the fbi d. O. D. It is really been this the best way i call it, its a vibrant Election Security community. Its not just us most of importantly we had the supporting command to state and local election officials. It was a really bumpy ride at the beginning and half years ago, we have turned a corner in a really meaningful way. Were working with all 50 states on a regular basis. To share information, to secure their systems, to ensure they have all the resources they need whether to covid environmental not covid environment. That was definitely the curveball we did not anticipate. We are there we are ready. I think based on the work we have done this will be the most secure election in history. Without resting on our morals, i know there are capable destructive adversaries weathers china, they want to turn their sights on our system weve got to be ready. Weve got to be prepared we have resilience measures in place. When we think about what those means its paper in the system, its backups, its the ability to feel over to analog estate and carry out the vote. Ultimately, it all rests on the voter. Are they prepared to vote . Could they help participate . Could the volunteer and lastly to the patient . It would take longer to take the counting. Takes a little longer. I have a bit of patience that south democracy works. It wasnt made overnight. We have to wait a little bit longer for this one. You also referenced from the disinformation campaigns earlier from an election perspective my opinion thats one of the greatest risks we face as a nation. But its perspective around the role of federal government in terms of combatting this information . It is this this info, countering this involves a whole society. Its one of those cheesy government things of saying things. Its not just the federal government problems that. We need to social media platforms involved, we need the traditional media platforms involved, we need the people the American People to be involved as well, that more critical eye on the things theyre being presented them. We have the federal government, that is looking for things to disrupt, we have the Law Enforcement community thats connecting the dots and sharing information on accounts and specifics like that. Thats a lot of supply side disruption. We focus here on system at the demand side, helping the American People understand how these campaigns and techniques manifest. How to be a bit more of a Critical Thinking consumer of social media. The techniques have changed as well. Weve been very effective as a community on the social media side. The adversaries are shifting to traditional media. We are seeing them spin stories. I think the average person could do is look at whats being presented to you. Why is it being presenting it to you and who is presenting it to you . It comes from something tied to the kremlin like sputnik question the intent. Where they try to get you to do i think i dont think its a good thing. Covid19, we can talk about digital covid19 is accelerating. That were seeing an adoption of the cloud in the federal government, shipping this offers and service platforms. System was designated as the keystone for cybersecurity. I think we all know that cyber cybersecurity what is your perspective around covid as an accelerator there . Then the federal government is always lagging on whats happening in the street. If you look at the industry particular the market for the past several years, its a pretty significant consolidation. A lot of the bigs are snapping up the littles. And they dont manifest in the federal government as well. Every agency there is 101 civilian federal agencies. If youre talking about 101 really capable shops summer get. There can be efficient or effective. Isnt too much internal competition. The way i look at it, weve got whether its sza arctic quiz melodies a couple others that could provide cybersecurity services, thats a much better position. You have a consolidation, you could provide higher fidelity, were working on a couple things right now like a protective the nsc service. Thats gonna roll out thats gonna be a gamechanger i think. You continue to push er crossed the federal government, another game changer. It will all roll up to consistent unified dashboards you can understand where the risks are, you understand where the problems are across the federal government we can put our focus attention on that. This is been a gamechanger. I think we have made a lot of progress though. You mentioned clout the experience in the cloud. Were in the cloud already here. That has allowed us to skip over some of these vpn viabilitys have been so pervasive over the last year or so. Bypassing vpn straight up towards places in the service. Those are great things more advancement ahead of us. I appreciate the conversation, and i think we are out of time. Any closing comments . And is want to say thanks for giving me the time of day, being prepared, participating, thank you to tom for doing this. You are always right on top of it, and you adapt and. I know it is the spring, the fall rather, when its the billing ton cyber conference. Thank, you chris. I appreciate your time today. You are watching cspan 3, your unfiltered view of government, created by americas Cable Television companies as a public service, and brought to you today by your television provider. Up next on American History tv, author daniel croft discusses his book, lincoln and the politics of slavery, the other 13th amendment and the struggle to save the union. He describes how president lincoln and the Republican Party supported a constitutional amendment quite different than the one that was eventually ratified